CVE-2022-2401

MEDIUM6.5EPSS 0.33%

Mattermost users could access some sensitive information via API call

Published: 7/15/2022Modified: 8/21/2024

Also known as:GHSA-7ggc-5r84-xf54BIT-mattermost-2022-2401GO-2022-0540

Description

Unrestricted information disclosure of all users in Mattermost version 6.7.0 and earlier allows team members to access some sensitive information by directly accessing the APIs.

Affected packages (5)

Bitnami/mattermostfrom 0, < 6.3.9, >= 6.4.0, < 6.5.2 | >= 6.6.0, <= 6.6.0, >= 6.6.1, <= 6.6.1, >= 6.7.0, <= 6.7.0
Go/github.com/mattermost/mattermost-serverfrom 0
Go/github.com/mattermost/mattermost-server/v5from 0
Go/github.com/mattermost/mattermost-server/v6from 0, < 6.3.9
Go/github.com/mattermost/mattermost-server/v6from 0, < 6.3.9, >= 6.4.0, < 6.5.2, >= 6.6.0, < 6.6.2, >= 6.7.0, < 6.7.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References (5)

ADVISORYhttps://github.com/advisories/GHSA-7ggc-5r84-xf54
ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-2401
PATCHhttps://github.com/mattermost/mattermost-server
WEBhttps://mattermost.com/security-updates
WEBhttps://mattermost.com/security-updates/